General
Target: R D X E 6 5.rar
Size: 10.7 MB
Sample: 240803-jmrvjaxapj
MD5: bf488a28c0aa529bf8ff779b673d58fb
SHA1: 687f8e7164f642d746a7c7b7dd5c1c70d1e1453c
SHA256: f29f8a8d5cf10644a4fecee5eefacfdad688b0b96540cd68ea4ae7058bfe327b
SHA512: 3c02bd2718eaf58c7cd70c6cebf1c797a5cab5a684918eaa5068e836897c5ef4091f3dca1badb1bb86557a8ad103b1de39b5e19efd60029baf67f13244e0c542
SSDEEP: 196608:qfMWCbdJFQ4G78fFZ0sqBCaSqLHjgIoX8ExcBjP3hIksFQQdO5:hWCJfBFZ0sCd4IoMecV/hHsOQc
Behavioral tasks
- behavioral1: Sample R D X E 6 5.rar, Resource win7-20240704-en
- behavioral2: Sample R D X E 6 5/Client.exe, Resource win7-20240729-en
- behavioral3: Sample R D X E 6 5/Roblox Executor.exe, Resource win7-20240729-en
Malware Config: none extracted
Targets
Target: R D X E 6 5.rar
Size: 10.7 MB
MD5: bf488a28c0aa529bf8ff779b673d58fb
SHA1: 687f8e7164f642d746a7c7b7dd5c1c70d1e1453c
SHA256: f29f8a8d5cf10644a4fecee5eefacfdad688b0b96540cd68ea4ae7058bfe327b
SHA512: 3c02bd2718eaf58c7cd70c6cebf1c797a5cab5a684918eaa5068e836897c5ef4091f3dca1badb1bb86557a8ad103b1de39b5e19efd60029baf67f13244e0c542
SSDEEP: 196608:qfMWCbdJFQ4G78fFZ0sqBCaSqLHjgIoX8ExcBjP3hIksFQQdO5:hWCJfBFZ0sCd4IoMecV/hHsOQc
Score: 3/10
Target: R D X E 6 5/Client.config
Size: 33.0 MB
MD5: 157bca5bfbab154797fbbe947946084f
SHA1: 280096391abd2ea592198d205b6e44cdd2408121
SHA256: f9aae2ca83d60ae3a6e443d23c91672cda766f73003e4f3f0f99eec1f336d946
SHA512: 5fbbaa59d4425779ecae554372a476414a60b70fe190ca408a0505b13064866d1576e6409e657d2933cd5922a053aacdf7c01b457b3385476dabfe1c46b5c1da
SSDEEP: 786432:BeCve2OlHAoFfgrh96BKMZvBx9ImCrWFi6:BejjlHAopI9xABx9ErWFi6
Score: 1/10
Target: R D X E 6 5/Roblox Executor.exe
Size: 150.0 MB
MD5: 2deeebca12a7ad34853fdcd49c37dce6
SHA1: 31b89e4dba3453b6d5586c31a38dea21ffbb8980
SHA256: 6f5d9fc697149670937135f56c7201bc59fcc535b6af45924b7b387fa0ce2a9d
SHA512: 6826aa344d3a3c6776d43912518ef350c97ac6cd4a5817562e436daebf399f2e7ea25ce36ade106915864b375a8c87377753c87f344717405902f50ad7685e6a
SSDEEP: 196608:5kfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfT:4
Score: 10/10
Note on the SSDEEP digest: the block hash is one "kf" pair repeated end to end and the double-block-size hash collapses to a single character, so nearly every piece of this 150 MB file hashed identically. That is the signature of a binary bulked out with repeated filler bytes, a common way to push a file past scanner size limits; most of the 150 MB is padding rather than code, and the fuzzy hash will not be useful for clustering this sample against others.
- Suspicious use of NtCreateUserProcessOtherParentProcess (a process created with a parent other than the calling process, i.e. parent-PID spoofing)
- Credentials from Password Stores: Credentials from Web Browsers (malicious access to, or copying of, a web browser credential store)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate installed software)
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Credential Access (count of matching signatures in parentheses)
- Credentials from Password Stores, T1555 (1)
  - Credentials from Web Browsers, T1555.003 (1)
- Unsecured Credentials, T1552 (2)
  - Credentials In Files, T1552.001 (2)
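The digests above are only worth anything once you re-check them against the artifact you actually hold, and the SSDEEP of Roblox Executor.exe deserves to be read rather than copied. The script below is an added example, not code from the report page or from the sandbox vendor: it carries the report's own digest values as constants, hashes a file in a single pass, compares case-insensitively, and flags a fuzzy digest whose block hash has almost no distinct characters, which is what a file padded with repeated bytes produces. The 0.2 uniqueness threshold and the function names are the example's own choices.

```python
"""Verify a sample against the digests in a sandbox report and sanity-check
its SSDEEP digest for signs of padding. Added example, not vendor code."""
import hashlib
import io
import re
import sys

# Digests copied from the report above, keyed by target name.
REPORT_DIGESTS = {
    "R D X E 6 5.rar": {
        "md5": "bf488a28c0aa529bf8ff779b673d58fb",
        "sha1": "687f8e7164f642d746a7c7b7dd5c1c70d1e1453c",
        "sha256": "f29f8a8d5cf10644a4fecee5eefacfdad688b0b96540cd68ea4ae7058bfe327b",
        "ssdeep": "196608:qfMWCbdJFQ4G78fFZ0sqBCaSqLHjgIoX8ExcBjP3hIksFQQdO5:hWCJfBFZ0sCd4IoMecV/hHsOQc",
    },
    "R D X E 6 5/Roblox Executor.exe": {
        "md5": "2deeebca12a7ad34853fdcd49c37dce6",
        "sha1": "31b89e4dba3453b6d5586c31a38dea21ffbb8980",
        "sha256": "6f5d9fc697149670937135f56c7201bc59fcc535b6af45924b7b387fa0ce2a9d",
        "ssdeep": "196608:5kfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfT:4",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests_of_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream once, feeding every chunk to all four hashers,
    so a multi-hundred-megabyte sample is read from disk a single time."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data):
    """Same as digests_of_stream for in-memory data."""
    return digests_of_stream(io.BytesIO(data))


def compare_digests(actual, expected):
    """Return {algorithm: matched?} for each cryptographic digest in `expected`.
    Fuzzy hashes are skipped here; hex case is ignored because reports and
    tools disagree on it."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
        if name in ALGORITHMS
    }


SSDEEP_RE = re.compile(r"^(\d+):([0-9A-Za-z+/]*):([0-9A-Za-z+/]*)$")


def parse_ssdeep(digest):
    """Split 'blocksize:hash1:hash2' into (int, str, str)."""
    m = SSDEEP_RE.match(digest)
    if not m:
        raise ValueError(f"not an ssdeep digest: {digest!r}")
    return int(m.group(1)), m.group(2), m.group(3)


def ssdeep_uniqueness(digest):
    """Ratio of distinct characters to length in the block-size hash.
    Each character summarises one piece of the file, so a ratio near zero
    means almost every piece hashed alike: the file is dominated by
    repeated bytes, which is what size-inflating padding looks like."""
    _, block_hash, _ = parse_ssdeep(digest)
    if not block_hash:
        return 0.0
    return len(set(block_hash)) / len(block_hash)


def looks_padded(digest, threshold=0.2):
    """Heuristic flag; the threshold is this example's assumption."""
    return ssdeep_uniqueness(digest) < threshold


def check_file(path, expected):
    """Hash `path`, compare against the report entry, and add a padding flag
    derived from the report's own fuzzy hash."""
    with open(path, "rb") as f:
        actual = digests_of_stream(f)
    result = compare_digests(actual, expected)
    if "ssdeep" in expected:
        result["padded"] = looks_padded(expected["ssdeep"])
    return result


if __name__ == "__main__":
    # Usage: python verify.py "<target name from report>" /path/to/sample
    name, path = sys.argv[1], sys.argv[2]
    for key, value in check_file(path, REPORT_DIGESTS[name]).items():
        print(f"{key:>8}: {value}")
```

Run it with the target name exactly as the report spells it; a `False` on any cryptographic digest means you do not hold the file the report describes, and `padded: True` tells you the fuzzy hash cannot be used to relate this sample to anything else.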